Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| azure:azure_policy [2024/10/03 13:03] – [Effect Order Of Evaulation] mmuze | azure:azure_policy [2024/10/04 14:13] (current) – [Effect Order Of Evaulation] mmuze | ||
|---|---|---|---|
| Line 34: | Line 34: | ||
| * append and modify | * append and modify | ||
| * deny | * deny | ||
| + | * The Deny effect prevents a resource from being created or modified (including deleted) if it violates a policy rule. | ||
| * audit | * audit | ||
| * manual | * manual | ||
| * auditIfNotExists | * auditIfNotExists | ||
| * denyAction | * denyAction | ||
| + | * It prevents the deletion of resources that match a specified condition, such as a specific resource type or tag value. | ||
| - | + | <callout type=" | |
| - | + | //Deny// effect applies to all actions (create, update, delete), while // | |
| + | * Use Deny effect when you want to block all unauthorized actions (create, update, delete) on a resource that does not support tags and locations. | ||
| + | * Use DenyAction effect when you want to specifically prevent the deletion of resources that support tags and locations, such as virtual networks or storage accounts. | ||
| + | </ | ||